securityd/src/tokenkey.cpp

   1 /*
   2  * Copyright (c) 2004,2008 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // tokenkey - remote reference key on an attached hardware token
  27 //
  28 #include "tokenkey.h"
  29 #include "tokendatabase.h"
  30
  31
  32 //
  33 // Construct a TokenKey from a reference handle and key header
  34 //
  35 TokenKey::TokenKey(TokenDatabase &db, KeyHandle tokenKey, const CssmKey::Header &hdr)
  36         : Key(db), mKey(tokenKey), mHeader(hdr)
  37 {
  38         db.addReference(*this);
  39 }
  40
  41
  42 //
  43 // Destruction of a TokenKey releases the reference from tokend
  44 //
  45 TokenKey::~TokenKey()
  46 {
  47         try {
  48                 database().token().tokend().releaseKey(mKey);
  49         } catch (...) {
  50                 secinfo("tokendb", "%p release key handle %u threw (ignored)",
  51                         this, mKey);
  52         }
  53 }
  54
  55
  56 //
  57 // Links through the object mesh
  58 //
  59 TokenDatabase &TokenKey::database() const
  60 {
  61         return referent<TokenDatabase>();
  62 }
  63
  64 Token &TokenKey::token()
  65 {
  66         return database().token();
  67 }
  68
  69 GenericHandle TokenKey::tokenHandle() const
  70 {
  71         return mKey;    // tokend-side handle
  72 }
  73
  74
  75 //
  76 // Canonical external attributes (taken directly from the key header)
  77 //
  78 CSSM_KEYATTR_FLAGS TokenKey::attributes()
  79 {
  80         return mHeader.attributes();
  81 }
  82
  83
  84 //
  85 // Return-to-caller processing (trivial in this case)
  86 //
  87 void TokenKey::returnKey(Handle &h, CssmKey::Header &hdr)
  88 {
  89         h = this->handle();
  90         hdr = mHeader;
  91 }
  92
  93
  94 //
  95 // We're a key (duh)
  96 //
  97 AclKind TokenKey::aclKind() const
  98 {
  99         return keyAcl;
 100 }
 101
 102
 103 //
 104 // Right now, key ACLs are at the process level
 105 //
 106 SecurityServerAcl &TokenKey::acl()
 107 {
 108         return *this;
 109 }
 110
 111
 112 //
 113 // The related database is, naturally enough, the TokenDatabase we're in
 114 //
 115 Database *TokenKey::relatedDatabase()
 116 {
 117         return &database();
 118 }
 119
 120
 121 //
 122 // Generate the canonical key digest.
 123 // This is not currently supported through tokend. If we need it,
 124 // we'll have to force unlock and fake it (in tokend, most likely).
 125 //
 126 const CssmData &TokenKey::canonicalDigest()
 127 {
 128         CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
 129 }